Editing Public-key cryptography (section)

{{short description|Cryptographic system with public and private keys}}
{{Use dmy dates|date=October 2019}}
{{more citations needed|reason=article with large unreferenced sections|date=January 2024}}

[[File:Public-key-crypto-1.svg|thumb|250px|right|An unpredictable (typically large and [[random]]) number is used to begin generation of an acceptable pair of [[cryptographic key|keys]] suitable for use by an asymmetric key algorithm.]]
[[File:Private key signing.svg|thumb|250px|In this example the message is [[digital signature|digitally signed]] with Alice's private key, but the message itself is not encrypted.
1) Alice signs a message with her private key.
2) Using Alice's public key, Bob can verify that Alice sent the message and that the message has not been modified.]]
[[File:Public key shared secret.svg|thumb|250px|right| In the [[Diffie–Hellman key exchange]] scheme, each party generates a public/private key pair and distributes the public key of the pair. After obtaining an authentic (n.b., this is critical) copy of each other's public keys, Alice and Bob can compute a shared secret offline. The shared secret can be used, for instance, as the key for a [[symmetric cipher]].]]
[[File:Public key encryption.svg|thumb|250px|right|In an asymmetric key encryption scheme, anyone can encrypt messages using a public key, but only the holder of the paired private key can decrypt such a message. The security of the system depends on the secrecy of the private key, which must not become known to any other.]]
'''Public-key cryptography''', or '''asymmetric cryptography''', is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a '''public key''' and a corresponding '''private key'''.{{Ref RFC|4949|notes=no}}<ref>{{Cite journal |last1=Bernstein |first1=Daniel J. |last2=Lange |first2=Tanja |date=2017-09-14 |title=Post-quantum cryptography |url=http://www.nature.com/articles/nature23461 |journal=Nature |language=en |volume=549 |issue=7671 |pages=188–194 |doi=10.1038/nature23461 |pmid=28905891 |bibcode=2017Natur.549..188B |s2cid=4446249 |issn=0028-0836}}</ref> Key pairs are generated with [[cryptographic]] [[algorithms]] based on [[mathematical]] problems termed [[one-way function]]s. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.<ref>{{Cite book|url=https://books.google.com/books?id=Dam9zrViJjEC|title=Cryptography and Network Security: Principles and Practice|last=Stallings|first=William|date=3 May 1990|publisher=Prentice Hall|isbn=9780138690175|page=165|language=en}}</ref> There are many kinds of public-key cryptosystems, with different security goals, including [[digital signature]], [[Diffie–Hellman key exchange]], [[Key encapsulation mechanism|public-key key encapsulation]], and public-key encryption.

Public key algorithms are fundamental security primitives in modern [[cryptosystem]]s, including applications and protocols that offer assurance of the confidentiality and authenticity of electronic communications and data storage. They underpin numerous Internet standards, such as [[Transport Layer Security|Transport Layer Security (TLS)]], [[SSH]], [[S/MIME]], and [[Pretty Good Privacy|PGP]]. Compared to [[symmetric cryptography]], public-key cryptography can be too slow for many purposes,<ref>
{{cite journal
 |last1=Alvarez |first1=Rafael
 |last2=Caballero-Gil |first2=Cándido
 |last3=Santonja |first3=Juan
 |last4=Zamora |first4=Antonio
 |date=2017-06-27
 |title=Algorithms for Lightweight Key Exchange
 |journal=Sensors
 |language=en
 |volume=17 |issue=7 |pages=1517
 |issn=1424-8220 |pmc=5551094 |pmid=28654006
 |doi=10.3390/s17071517 |doi-access=free
}}</ref> so these protocols often combine symmetric cryptography with public-key cryptography in [[Hybrid cryptosystem|hybrid cryptosystems]].